See the threats through the hype, with the latest research and commentary from SophosLabs.
This whitepaper explains the risks and benefits of enabling your workforce to use touchscreen smarthpones and tablets and what you need to do to keep your data secure.
The Gartner Magic Quadrant for Endpoint Protection Platforms offers independent research and analysis of the top vendors in the endpoint market.
This whitepaper offers you detailed advice on how to choose the comprehensive unified threat management (UTM) that best suits your business.
This buyers guide can help you in your search for the best web protection. It gives you detailed checklists to help you identify and evaluate the security capabilities you need.
Download this report to find out which endpoint encryption product meets your needs. And discover why Info-Tech ranks us Champions in the marketplace.
This buyers guide explains what you need from your EPP, what technology is available in today's more sophisticated products, and what questions to ask vendors to get the right fit for your business.
We explain today's major web threats and give you our four rules of complete web protection. And we show you what tools you need to get the job done simply.
This paper details how you can protect against the risk of botnet infection using security gateways that offer comprehensive unified threat management (UTM).
This paper introduces a new standard—an innovative, unified, cost-effective solution for managing branch office security, with centralized reporting and a clear process for determining return on investment (ROI).
This buyers guide provides independent research and test results to help you determine your endpoint protection requirements and identify the security vendor that best meets your needs.
Here are eight things senior managers need to know about encryption to protect data.
This whitepaper examines the challenges of data security and the steps you can take to protect personally identifiable information.
In this whitepaper we explain how three best practices for patch assessment can improve your security and compliance.
This report by Info-Tech Research Group compares and ranks endpoint anti-malware products based on a systematic evaluation and scoring methodology.
This paper outlines eight common threats that traditional antivirus alone won't stop, and explains how to protect your organization using endpoint security.
You don't have to do it alone—see what company leaders and security experts are saying.
Read about the encryption market's top vendors in this latest Gartner report.
This paper provides insight into where fake antivirus comes from and how it is distributed, what happens when a system is infected with fake antivirus, and how to stop this persistent threat from infecting your network and your users.
Mobile devices and their rapid innovation and development are enabling busy professionals to conduct business and manage their lives on the move. But what are the key technologies driving evolution of the mobile, what happens next, and what are the security implications?
Unwanted and unauthorized applications not only result in productivity loss but can also increase your company's risk of malware infection and data loss. Read this paper to learn how endpoint security solutions that have application control provide the most comprehensive defense against unauthorized applications.
The UK Information Commissioner’s Office can levy fines of up to £500,000 for data breaches, which proves data security is essential. And while it’s not illegal in the UK to lose data—regulators understand there is no 100% in security—you do need to demonstrate you’re managing information risks responsibly. Read this paper to get the key items you should cover to avoid the ICO’s wrath in 2011.
Learn how to reduce mobile security risks and keep your business data protected.
This report helps you recognize how your data can become vulnerable, including the latest issues stemming from unprotected data on mobile devices and social media sites. Understand the compliance issues involved, and identify data protection strategies you can use to keep your company’s information both safe and compliant.
The current risk to computers running non-Windows platforms is small but growing. As Mac and Linux computers become more prevalent within organizations, they are likely to become more of a target for hackers as a way in to the rest of the network and a means of infecting websites. This paper investigates the real threat from non-Windows platforms. It discusses the dangers of them distributing Windows viruses, examines the implications of their growing popularity, and highlights regulatory pressure to protect them.
Microsoft SharePoint is now the standard for internal and external collaboration and content management in much the same way Microsoft Exchange has become the enterprise standard for email. And like Exchange, SharePoint comes with a similar set of adoption challenges: The need to maximize ROI, protect against malware and data loss and establish policies for governance and compliance. This whitepaper examines SharePoint's key risks and recommends best practices to secure SharePoint and protect your organization's digital assets.
As an IT manager, you need to be able to effectively secure all of the websites you manage to avoid attack and the subsequent infection of site visitors. You also need to protect the users within your organization from becoming victims of malware. Organizations can use specific technologies and layered protection strategies to safeguard websites and shield employees. We'll review what to watch for, as well as the security strategies that will help keep you safe.
We will remember 2010 as a year in which our interaction with technology, and with each other, evolved due to the widespread adoption of social media and the use of innovative mobile devices.
Malware effectiveness continues to accelerate, while vendors are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users.
Find out how criminals use malicious JavaScript for profit and how it impacts your business.
Over the past few years, virtualization technology transformed the data center. Server virtualization enables multiple virtual servers to run off the computing power of one physical server; and due to the well-established cost benefits, this technology has become widely adopted. Now, enterprises are looking to extend these benefits to virtual desktops.
In the past few years, virtualization transformed the data center. It is now a primary supporting platform for many enterprises. A wide variety of virtualization technologies are available, but only a small number of these technologies have made it to mainstream deployment.
This guide examines the global regulatory landscape, common pain points for healthcare-based organizations, specific technical and operational security best practices, and strategies for long-term success. In addition, you'll find checklists and templates that can save you time and maximize productivity.
With the plethora of new privacy and data security regulations, we believe it is time to ask whether regulations help or hinder an organization's ability not only to protect sensitive and confidential information assets, but to be competitive in the global marketplace. Further, how difficult is it to be in compliance, who is the typical person or functional leader accountable for compliance? What is the value to the organization? Finally, what differences (if any) exist in security practices between compliant and non-compliant organizations?
Small businesses are especially vulnerable to computer viruses and lost or stolen data, since they typically lack the IT resources to deal with these threats. Inadequately protected computers open the door to annoying infections, or worse, serious business disruption. This report provides five simple and effective strategies to help you protect your business against an ever-increasing number of threats.
Halfway through 2010, cybercrime continues to evolve and grow in both scale and sophistication. Just as folks changed their habits to accommodate new technologies and new ways of conducting their everyday business, security providers needed to implement new strategies to cope with the massive growth in new malware and new attack vectors. Knowledge is power, and understanding the dangers posed by the modern interconnected world is the first step toward keeping one's identity, possessions and finances safe and secure.
Virtually every school acquires, uses and stores personally identifiable information about its students. These schools are expected to manage this private data appropriately and take every precaution to protect it from loss, unauthorized access or theft. Misusing, losing or otherwise compromising this data can carry a steep financial cost and damage a school's reputation because of complex and frequently changing regulations. This white paper examines the challenges schools face and the steps they can take to protect themselves and their students against data breaches and ensure the safety of this sensitive information.
Just as consumerization drove the iPhone's rapid growth from a consumer device to an enterprise business tool, social media, too, is being embraced as an indispensable business tool. However, as social media is organically adopted for a growing array of uses, are its security challenges receiving the necessary scrutiny? This white paper examines the transformative business effects of this technology, explores its evolution and presents ways businesses can realize its full benefits while avoiding potentially serious pitfalls.
This paper highlights key directives and legislation as it affects the member states of the EU. A data loss incident should no longer seen as an unfortunate accident; now it will be accompanied by significant reputational risk and the possibility of legal action against the organization or, even, executives personally. Clearly, and quite rightly, data loss is now a legal issue and IT professionals need to be aware of their responsibilities.
Today's corporate networks face a barrage of threats, ranging from malware to accidental data loss. Your users' endpoints receive the brunt of these attacks, and if they are not properly protected they can serve as a threat portal to the entire network. The following top five best practices offer advice to help you protect your endpoints and your network against an ever-growing body of threats.
This guide, which complements the installation guides and manuals that came with the product, will help you understand the threat protection technologies available in the Sophos Endpoint and Control agent. You'll find advice and guidance on configuring Sophos Endpoint Security and Control to ensure the best protection for your organization.
User education and awareness, preventive measures and a modern web security solution are all integral components of a comprehensive defense against today's web threats. This guide covers some essential preventive measures you should implement to reduce your risk and keep ahead of the threats as much as possible.
In addition to good preventive practices, such as rigorous patching and educating users about the risks of browsing, it is vital that organizations implement a comprehensive web security and control solution.
This whitepaper discusses the risks of users bypassing web filters and the technologies that organizations can use to combat them.
Protecting patient privacy, complying with regulations, improving IT efficiency and business collaboration, and controlling costs are five key requirements for healthcare professionals. Healthcare also continues to focus on the impact of electronic health records (EHRs), gaining higher utilization rates and achieving interoperability.
The workplace is becoming increasingly mobile with users accessing corporate data from anywhere at any time. While this trend offers organizations significant productivity benefits, it also increases the risk of data loss that could cause irreparable harm.
Virtually every organization acquires, uses and stores personally identifiable information about its customers, employees, patients, students and other individuals. These organizations are expected to manage this private data appropriately and take every precaution to protect it from loss, unauthorized access or theft.
The Health Information Technology for Economic and Clinical Health Act (a.k.a. HITECH Act) — which officially took effect February 18, 2010 — is going to fundamentally change the way organizations do business in the healthcare industry once and for all.
The early reports are in, and it's clear that Microsoft's Windows 7 is off to a fast start — thanks in part to Microsoft's liberal Windows 7 beta program and the pent-up demand for a new OS from Vista and XP users. Windows 7's market share is already 6%, a figure that is being driven by users clamoring for tighter security, faster boot-up times, greater stability and enhanced ease of use, according to market researcher Net Applications.
The Internet is now the number-one conduit for infecting users with malware. Sophos detects a new infected web page every few seconds. This white paper outlines the terms you need to know and the steps you should take to stay safe.
Safeguarding massive amounts of sensitive, confidential data — from legally protected personal information to intellectual property and trade secrets — from malicious attacks and accidental loss is one of IT's biggest challenges. With employees having greater mobility than ever before to work outside the office, the job of protecting data has never been more difficult.
With more demands being put on lightweight network-edge hardware to provide security and connectivity, combining simplified malware detection with URI filtering can offer excellent proactive protection without overburdening the hardware or the administrator.
Stored information is one of a company's most important assets. As more confidential and valuable data is carried around by staff members, it is more important than ever to protect sensitive enterprise data. Companies need a security solution that can not only protect them against this threat, but also ensure that no unauthorized persons can access their saved data or the rest of their IT infrastructure.
The public release of Windows 7 is approaching fast. Debates and discussions are raging on the security improvements in the new platform, and some potential problems have also emerged. In this white paper, we run through the most significant changes and additions, and look at what they might mean to users and administrators.
2009 has proven malware attacks are continuing to broaden. While the number of web-based attacks outweighs the attacks through email, financially-motivated cybercriminals are turning their attention to Web 2.0 and social networking platforms such as Facebook and Twitter and alternative programs and tools such as Adobe Flash and PDFs.
This security threat report examines the malware trends that emerged during the first half of 2009, and explains how businesses can defend against them.
Massachusetts has taken the lead in passing a new regulation — 201 CMR 17:00 — that requires companies to implement a comprehensive data security plan that includes encryption. This new regulation implements the provisions of an earlier data breach notification regulation.
This article discusses some aspects of the regulation and offers suggestions on how data security best practices can help with compliance. Companies should discuss the regulation in detail with their legal consul to examine how it affects their unique circumstances and the best course of action to be taken.
This paper examines the primary data threats that currently concern chief security officers (CSOs) and IT security management within enterprises, and recommends best-practice techniques to minimize and overcome risks to data security. These best practices have been successfully implemented and deployed in organizations worldwide as components of a holistic data security strategy.
Evaluating the various data security options to protect your PCs can be challenging. This paper examines the options, discusses why passwords alone are not sufficient and makes the case for strong data encryption.
Organizations considering moving to an endpoint security solution often assume that the costs of switching from their current antivirus vendor will be greater than upgrading with that vendor. This study, conducted by Hobson & Company and commissioned by Sophos, aims to uncover and quantify all the cost areas involved in migrating (upgrading or replacing) to an endpoint security product and managing the solution to gain a total cost of ownership (TCO) comparison between the leaders in the field.
In tough economic times, with tightened budgets and heightened competition, it's vital for businesses to secure their systems and data against a growing field of threats. However, implementing and maintaining full-spectrum protection can be a heavy drain on financial and human resources if not done right. This whitepaper discusses how efficiencies in security can free up both human and physical resources to become a more flexible and profitable operation.
Computer literate K-12 students regularly use anonymizing proxies to bypass their school's web filters to access pornography, social networking, and other blocked websites. This is a major security flaw because most infected networks are first exposed via the web. This whitepaper discusses the risks of students bypassing web filters and the technologies that schools can use to combat them.
As blogs and social networking sites become increasingly mission-critical business tools, organizations require a positive security model to replace yesterday's access-blocking approach. This paper highlights the issues and describes the three pillars of protection organizations need to safeguard their systems and resources.
The need to control the flow of corporate information is acute. This paper gives practical guidance on how to use your IT budget effectively to prevent data leakage at the gateway and endpoint and highlights the benefits of encryption in securing data if it does get intentionally or accidentally lost.
Complying with a growing number of government, industry and internal regulations designed to protect data is becoming harder and more expensive to manage. This paper investigates how a well-defined strategy, backed up by powerful technology can provide the solution.
End users running unauthorized, unsecured virtual environments on their computers make corporate systems and data much more vulnerable. This paper gives five effective ways to secure yourself against the hidden threats.
Predicting the future in such a rapidly evolving environment is near impossible. One only needs to count the rate at which new malware appears today compared to five years ago to see how quickly the threat has become more serious. Read our security threat report to read about the malware trends we predict will be at the forefront in 2009.
The current risk to Macs and Linux computers is small but growing. This paper investigates the threat businesses face from non-Windows platforms, examines the implications of their growing popularity, and highlights regulatory pressure to protect them.
Organizations need innovative approaches to protect the web, email servers and endpoint from today's fast, targeted, silent threats. This paper discusses the security implications of modern threats, analyzes where emerging technologies can add real value, and highlights five key strategies for ensuring solid malware protection.
This report gives a comprehensive insight into the events and trends that emerged during the first half of 2008, and helps businesses to stay ahead of today's increasingly covert threats.
New pressures from a constantly changing threat environment and an increasingly mobile workforce are highlighting the shortcomings of earlier versions of NAC. This white paper describes how the emerging NAC 2.0 model will offer more finely controlled network access, an increased agility of response, and a better focus on network, desktop and security operations.
Protecting IT networks used to be a straightforward case of encircling computers and servers with a firewall and ensuring that all traffic passed through just one gateway. However, the increase in mobile workers, numbers and type of device and the amount of non-employees requiring network access led to a dissolving of that network perimeter. Access requests can come from anyone and anywhere, which is why organizations are turning to network access control (NAC) technologies. This paper discusses why NAC is important and how it should be implemented on the endpoint for maximum protection.
About half of the vendors in the network access control market are startup companies, most of which will grow in 2008. Starting in 2009, the overall market will begin to consolidate, as established network and security vendors embed and enhance NAC functions into their products. This report assessed vendors on the following criteria: market understanding, marketing strategy, sales strategy, offering (product) strategy, overall viability (business unit, financial, strategy, organization) and sales execution and pricing.
The unmonitored and unguarded use of email by employees poses a multitude of risks to organizations. The distribution of inappropriate or offensive content, malicious emails, and the risks of data leakage all threaten working environments, IT resources and an organization's reputation. A comprehensive, transparent and enforceable email acceptable use policy (AUP), combined with robust email security solutions, dramatically reduces exposure to these risks. This paper provides practical guidance on developing and enforcing an email AUP that meets the combined requirements of an organization's IT, HR and legal departments.
With organizations facing a growing number of threats and an increasingly regulated business environment, ensuring security and compliance across the email infrastructure is paramount. The complexity of this challenge requires a comprehensive solution. To block attacks and enforce acceptable use of email, organizations need to deploy integrated protection at the email gateway, on the email server and on all endpoint computers. This paper explores the threats facing email infrastructures, illustrating the need for multi-layered security.
Employees increasingly expect to use the Internet at work for their own personal use in return for longer hours, taking work home with them and interrupting vacations. This has a number of security, productivity, bandwidth and legal ramifications that require organizations to create and implement a web usage policy that is backed up by effective web filtering tools. This paper discusses how to create a policy that balances an organization's need for protection against an individual's expectations.
Evaluating the performance of competing endpoint security products is a time-consuming and daunting task. Independent competitive comparisons, performance benchmarks, and detection certifications cover different solutions and criteria and provide conflicting results. This paper highlights the pitfalls of simply looking at virus detection rates and gives the six critical questions businesses need to ask to ensure successful protection now and in the future.
Today's cybercriminals are constantly looking for new vulnerabilities to exploit, they use fast-changing, low-profile threats to infect and hijack computers across the business network. This paper describes how SophosLabs uses its global visibility and 24/7 research operations to facilitate powerful integration of expertise, automation and technology to provide the proactive protection and rapid response that businesses need.
The report examines the threat landscape over the previous twelve months, and predicts emerging cybercrime trends for 2008. In 2007, organized criminal gangs extended their efforts beyond Windows, looking to Mac and other operating systems for new targets. Attacks using wireless connectivity and mobile devices and accusations of state-sponsored cybercrime have also increased. Find out more about the past year's events and Sophos's predictions for the next 12 months.
For many would-be network access control (NAC) adopters, what NAC is or is supposed to be is unclear. However, the companies who are successfully protecting their network aren't confused — they also have more demanding views as to what they think a NAC solution should provide. This report aims to further the market's understanding of NAC — its function and capabilities — as seen through the eyes of those organizations that are getting the best results in protecting their network access.
With spam levels breaking records every day, the quintessential business tool — email — has simultaneously become a major liability. With inboxes overrun with more and more unwanted email that threatens business productivity, regulatory compliance, and network security, organizations are having to look at what is being mailed in, out and around their network, at the gateway, at the mail server and at the endpoint. This paper focuses on the threat posed by unwanted emails that make it through to the inbox, explains the impact these threats have on organizations, and demonstrates what needs to be done in response to make email safe and productive.
This security threat report update descibes the ongoing changes in the threat landscape and the challenges they present to organizations. Includes discussion of web threats, email and spam, endpoint security and Windows and non-Windows threats, as well as reviewing specific recent threats and related legal action.
Traditional appliances that promise to meet the challenge of letting the IT administrator do more with constrained resources and less time turned out to be at best only partial solutions. This paper highlights how truly managed appliances free up time while providing improved security, visibility and peace of mind. It explains how they enable efficient security management by reducing daily administration, enhancing the user experience, and offering proactive support.
The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation loss and exposure to potential litigation. This paper examines how spyware infiltrates and affects organizations and describes how to protect against it.
The continuing evolution of malware threats combined with the demand for increasingly flexible working practices is a significant challenge to IT departments seeking to reduce help desk support and get better value for money from their investment in security. This paper looks at how organizations can benefit from a more integrated, policy-driven approach to protecting the network at all levels and controlling both user access and behavior.
Cybercriminals continue to invent increasingly cunning ways to exploit human and computer vulnerabilities to steal and extort money from computer users and companies. Our latest security threat report describes the latest threats, highlights their growing complexity and looks at what the likely trends are for 2007.
Five years after the release of Windows XP, Microsoft's primary stated goal with Windows Vista has been to reduce security vulnerabilities and overall susceptibility to malware and other threats. This paper assesses how far the new features measure up to Microsoft's aspirations for its new desktop operating system and provides an insight into the level of protection they provide to business users.
Spyware, viruses, and other unwanted or unauthorized applications easily infiltrate enterprise networks via web browsing. This paper defines the requirements for effective, manageable security that protects organizations from infection and legal risk, while also meeting end user demands for performance and accessibility.
Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This paper discusses how the threat evolved, explains how zombie networks, or botnets, are created and highlights how even organizations with reliable gateway and endpoint protection are vulnerable to these email- and web-borne threats.
Managing the desktops, laptops and servers at the endpoints of corporate networks is an increasingly complex, time-consuming and expensive task. This paper examines the issues of managing security across the network, discusses the key criteria involved in choosing a solution, and describes Sophos Endpoint Security.
Cybercriminals continue to invent new ways to exploit human and computer vulnerabilities to steal and extort money from computer users and companies. This update to our annual security threat management report looks at how the threat landscape changed in the first six months of 2006 and what the likely trends are for the rest of the year.
Faced with the growing volume and complexity of threats at the email gateway, organizations are looking for security solutions that offer better protection. The availability, expertise, and productivity of IT resources must be balanced against budgets, flexibility and control. This paper helps IT administrators make an informed decision by comparing software solutions, appliances, and managed services and looks briefly at the choices offered by Sophos.
The challenge for organizations today is to stay ahead of the increasingly interconnected threat from rapidly spreading viruses and spam campaigns, phishing scams, spyware and other threats. The expertise and systems in SophosLabs™ give businesses the reliable protection they need across all threat types.
Increased connectivity in and out of the office has radically changed the task of securing an organization's systems and data. Client firewalls — are now an essential part of corporate endpoint security. This white paper describes what a personal firewall is, why it is important, and how it differs from a gateway firewall.
Linux is expanding rapidly beyond its traditional base of enthusiasts, finding rising popularity as a server platform for corporations. This paper highlights the threat to businesses caused by the interaction of unprotected Linux computers with Windows and other platforms. The paper also discusses the vulnerability of mixed IT environments to the range of increasingly complex threats.
Viruses have become sophisticated tools in the hands of cybercriminals. The effect of a virus attack on a small business, which does not have the resources to focus on network security, can be catastrophic. This paper describes the evolving threat, provides best practice security advice, and explains how Sophos small business solutions provide small businesses withreliable, integrated protection.
The growth in malware continued unabated during the 20 years since Sophos entered the computer security industry. Take a look at the history of viruses and spam, how collaboration between virus writers and spammers is impacting enterprises, and how SophosLabs™ provides continuous protection against evolving threats.
Discover the top ten malware threats of 2005, the latest trends in the world of malware, and how organized criminals are working more closely together to infect computers than ever before.
This paper explains the online fraud known as phishing, examining how it threatens businesses and looking at the dramatic rise in the number of attacks over recent years. Phishing methods and tricks are described and ways of protecting computers and networks from phishing attacks are discussed.
The increasingly complex nature of today's fast-moving threats radically changes the criteria for defense and demands an integrated, multi-tier approach to threat management. Cross-threat expertise and technology in SophosLabs™ makes Sophos uniquely able to respond to this challenge.
With all the web-connected ways your organization does business, you have to be ready to handle malware attacks, multiplying threat vectors and increased compliance responsibilities. Threat protection requires an updated approach now that the classic model of anti-virus plus firewall is no longer enough. Current best practice calls for interlocking layers of protection that support your company’s business processes and the digital assets you need to protect. This paper describes principles you can use to strike the best balance between enabling your business and ensuring effective security.